## Changelog

### 🚀 New Features

#### Semaphore CLI

Your Semaphore project can now be created with a simple command-line tool. For more information see the README file of our package or try our new Quick Setup in our documentation. Currently it can be used to create a project with Hardhat and Semaphore contracts (`cli-template-hardhat`) but we plan to integrate new templates (e.g. a Foundry template).

#### Semaphore Hardhat plugin

The Hardhat plugin for Semaphore can be used to deploy the `Semaphore.sol` contract with a simple Hardhat task. For more information see the README file of our package.

### 🐛 Bug Fixes
#### Editor’s entity may be overwritten (V-SEM-VUL-003)

If an entity’s editor is overwritten, that entity would no longer be able to add or remove whistleblowers in the future. A malicious actor could therefore use `createEntity` to disrupt the expected operation of the contract.

For more information see the GitHub issue or read the Veridise report below.
#### `merkleRootDuration` cannot be changed (V-SEM-VUL-007)

The admin might not know an appropriate value for the `merkleRootDuration` and may want to change it if the initial value turns out to be inconvenient. In addition, under certain circumstances a poorly chosen value could cause `verifyProof` to fail.

For more information see the GitHub issue or read the Veridise report below.
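As an added illustration of why the chosen duration matters (this is a model written for this page, not code from the Semaphore repository), the block below tracks the roots a group has had and applies the rule the v3 `Semaphore.sol` uses when a proof references a root that is no longer current: the root must be known, and its age, measured from the moment that root was created, must not exceed `merkleRootDuration`. The scenario, the root names and the timestamps are constructed; the exact rule is stated as this example's assumption.

```python
# Constructed model of Semaphore v3 root expiry (not the project's own code).
# Assumption: the current root is always accepted; an older root is accepted
# only while (now - root_creation_time) <= merkle_root_duration.

VALID = "valid"
UNKNOWN = "unknown"
EXPIRED = "expired"


class GroupRootHistory:
    """Remembers every Merkle root a group has had and when it was created."""

    def __init__(self, initial_root, created_at, merkle_root_duration):
        # Fixed at deployment in v3, which is the point of V-SEM-VUL-007.
        self.merkle_root_duration = merkle_root_duration
        self.current_root = initial_root
        self.created_at = {initial_root: created_at}

    def update_root(self, new_root, now):
        """A member was added or removed, so the tree root changed."""
        self.current_root = new_root
        self.created_at[new_root] = now

    def check_root(self, root, now):
        """The part of verifyProof that decides whether a root may be used."""
        if root == self.current_root:
            return VALID
        if root not in self.created_at:
            return UNKNOWN
        if now - self.created_at[root] > self.merkle_root_duration:
            return EXPIRED
        return VALID


def simulate(merkle_root_duration):
    """Constructed timeline: a member proves against the current root, then an
    admin adds another member before the proof reaches the chain."""
    history = GroupRootHistory("root0", created_at=0,
                               merkle_root_duration=merkle_root_duration)
    proof_root = history.current_root       # t=100: proof built against root0
    history.update_root("root1", now=150)   # t=150: membership change, new root
    return history.check_root(proof_root, now=200)  # t=200: proof submitted


if __name__ == "__main__":
    # A generous duration tolerates the race; a short one rejects a valid proof.
    print("duration 3600:", simulate(3600))   # valid
    print("duration 30:  ", simulate(30))     # expired
```

Because the age is measured from when the root was created rather than from when it was replaced, a root that has been current for a long time expires almost immediately after a membership change; a duration that is too short therefore rejects honest proofs whenever the group changes while a proof is in flight, and with v3 there is no way to raise it after deployment.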
#### Infinite loop if input array is too large (V-SEM-VUL-006)

If an admin adds more than 255 members, the loop never terminates: it consumes all of the transaction’s gas and the transaction reverts, which wastes the user’s funds.

For more information see the GitHub issue or read the Veridise report below.
#### Different checks used to determine if group exists (V-SEM-VUL-010)

In the unlikely scenario that the group exists and the root hash is 0, legitimate verify, update, and remove transactions would be rejected until the root hash changes.

For more information see the GitHub issue or read the Veridise report below.
#### No zero value validation (V-SEM-VUL-001)

First, the zero value gives the creator of a group guaranteed access to the group. In certain circumstances this may be undesired (for example if the admin is not the group creator, such as when the admin is a DAO that votes on who to add or remove, or when the admin is changed), as the original creator keeps a permanent way of influencing the application that uses the groups. An admin (who might not be the group creator) has similar means that do not rely on the `zeroValue`, but those (1) are more visible, since adding members is a matter of public record, and (2) can be undone by removing the user.

Second, if common values such as 0 are repeatedly used and the identity commitment of such a value is eventually compromised, the holder would be able to gain membership of every group that uses that value as its `zeroValue`.

For more information see the GitHub issue or read the Veridise report below.
#### Minor bug fixes

- No version range for `snarkjs` and `poseidon-lite` dependencies by @cedoor in #226

### ♻️ Refactoring

- Public `merkleTree` attribute and new method name by @cedoor in #163

## Migration
Some functions of the contracts and JavaScript libraries have been revised to make the dev experience smoother. Below are details of the changes to simplify your migration from v2.6.1 to v3.
### @semaphore-protocol/contracts

#### SemaphoreVerifier.sol

The old Verifier contracts and the `SemaphoreCore.sol` contract were replaced by a single `SemaphoreVerifier.sol` contract, which contains a single external function to verify proofs. The old `verifier` parameter (the verifier contract address) was replaced by `merkleTreeDepth`.

#### SemaphoreGroups.sol

The zero value required for the Merkle trees of groups is now created internally based on the group id.

#### Semaphore.sol

According to the new `SemaphoreVerifier.sol` contract, the constructor of `Semaphore.sol` only needs one address now.

According to the new `SemaphoreGroups.sol` contract, the `createGroup` function only needs three or four parameters now.

### @semaphore-protocol/identity
#### Get the identity commitment

The identity commitment is generated in the constructor of the class, so that it is immediately available as an accessor property together with the trapdoor and the nullifier.

```diff
import { Identity } from "@semaphore-protocol/identity"
import { Group } from "@semaphore-protocol/group"

const identity = new Identity()
const group = new Group(1)

- group.addMember(identity.generateCommitment())
+ group.addMember(identity.commitment)
```
### @semaphore-protocol/group

#### Create a group

The constructor parameters of the `Group` class are in accordance with the parameters of the `createGroup` function of the `Semaphore.sol` contract. The first parameter is the group id (required), and the second is the depth of the Merkle tree (optional). The zero value, as in `Semaphore.sol`, is created internally and is the Keccak hash of the group id.

```diff
import { Group } from "@semaphore-protocol/group"

const groupId = 1

- const group = new Group()
+ const group = new Group(groupId)
```
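The following block is an added example (not code from the Semaphore packages or contracts) that shows what "the zero value is the Keccak hash of the group id" buys you against the V-SEM-VUL-001 concern above: every group gets its own empty-leaf value, so a compromised identity behind one group's zero value does not open any other group. Keccak-256 is implemented inline so the block runs offline; in real code you would use a maintained library. Two details are this example's assumptions from my reading of the v3 contracts rather than statements of the page: the group id is hashed as a 32-byte big-endian word (as `abi.encodePacked(uint256)` would lay it out), and the 256-bit digest is shifted right by 8 bits so that it always lies below the BN254 scalar field modulus.

```python
# Added example, not Semaphore's own code. Pure-Python Keccak-256 plus the
# per-group zero value derivation. Assumptions (not stated on the page):
# 32-byte big-endian encoding of the group id and a >> 8 shift into the field.

ROUND_CONSTANTS = [
    0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
    0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
    0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
    0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
    0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
    0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
]
# Rho rotation offsets indexed [x][y].
ROTATION = [
    [0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
    [28, 55, 25, 21, 56], [27, 20, 39, 8, 14],
]
MASK64 = (1 << 64) - 1
# Order of the BN254 scalar field used by the Semaphore circuits.
SNARK_SCALAR_FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617


def _rol(v, n):
    """Rotate a 64-bit lane left by n bits."""
    return ((v << n) | (v >> (64 - n))) & MASK64


def _keccak_f(lanes):
    """Keccak-f[1600] permutation on a 5x5 lane grid indexed [x][y]."""
    for rc in ROUND_CONSTANTS:
        # theta: column parities mixed into every lane
        c = [lanes[x][0] ^ lanes[x][1] ^ lanes[x][2] ^ lanes[x][3] ^ lanes[x][4] for x in range(5)]
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        lanes = [[lanes[x][y] ^ d[x] for y in range(5)] for x in range(5)]
        # rho (rotate) and pi (permute lane positions)
        b = [[0] * 5 for _ in range(5)]
        for x in range(5):
            for y in range(5):
                b[y][(2 * x + 3 * y) % 5] = _rol(lanes[x][y], ROTATION[x][y])
        # chi: non-linear row mixing
        lanes = [[b[x][y] ^ ((~b[(x + 1) % 5][y]) & b[(x + 2) % 5][y]) for y in range(5)]
                 for x in range(5)]
        # iota: round constant
        lanes[0][0] ^= rc
    return lanes


def keccak256(data: bytes) -> bytes:
    """Original Keccak-256 (pad byte 0x01), as used by the EVM; not SHA3-256 (0x06)."""
    rate = 136  # bytes of input absorbed per permutation: (1600 - 2*256) / 8
    padded = bytearray(data)
    padded.append(0x01)
    while len(padded) % rate:
        padded.append(0x00)
    padded[-1] |= 0x80
    lanes = [[0] * 5 for _ in range(5)]
    for offset in range(0, len(padded), rate):
        block = padded[offset:offset + rate]
        for i in range(rate // 8):  # lane index i = x + 5*y, little-endian lanes
            lanes[i % 5][i // 5] ^= int.from_bytes(block[8 * i:8 * i + 8], "little")
        lanes = _keccak_f(lanes)
    return b"".join(lanes[i % 5][i // 5].to_bytes(8, "little") for i in range(4))


def zero_value(group_id: int) -> int:
    """Per-group empty-leaf value: keccak256 of the 32-byte group id, shifted
    right by 8 bits (assumed) so the result is always a valid field element."""
    word = group_id.to_bytes(32, "big")  # assumed layout of abi.encodePacked(uint256)
    return int.from_bytes(keccak256(word), "big") >> 8


def in_scalar_field(value: int) -> bool:
    return 0 <= value < SNARK_SCALAR_FIELD


def zero_values_distinct(group_ids) -> bool:
    """The mitigation for V-SEM-VUL-001: no two groups share a zero value."""
    values = [zero_value(g) for g in group_ids]
    return len(set(values)) == len(values)


if __name__ == "__main__":
    for gid in (1, 2, 3):
        print(gid, hex(zero_value(gid)), in_scalar_field(zero_value(gid)))
    print("distinct for ids 1..100:", zero_values_distinct(range(1, 101)))
```

The Keccak test vectors used to check this block are the two well-known ones: the empty message hashes to `c5d24601…5d85a470`, and the 32-byte word `1` hashes to `b10e2d52…b7fa0cf6`. Note the pad byte: Python's `hashlib.sha3_256` implements SHA3 (pad 0x06) and would give a different digest from the EVM's `keccak256`.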
### @semaphore-protocol/proof

#### Generate/Verify a proof

It is no longer necessary to call the `packToSolidityProof` function: the generated proof (`fullProof.proof`) can now be verified by both the on-chain and the off-chain verifier functions.

Generate a proof:

```diff
- const solidityProof = packToSolidityProof(fullProof.proof)
```

The output of `generateProof` has been revised so that it contains exactly the parameters needed for the verifier functions (the on-chain one also requires the group id).

## Audit
Semaphore v3 was formally audited and verified by our friends at Veridise. You can read the full report here: Veridise Auditing Report - Semaphore version 3.0.
This discussion was created from the release v3.0.0.